OCI Integration Guide
The following guide covers the steps to integrate your Oracle Cloud Infrastructure (OCI) data with Vega Cloud.
OCI is in Open Preview and is not in General Availability (GA) at this time. This guide is currently written for Oracle tenancies that use identity domains. More information about release phases may be found here.
OCI Console
Step 1: Create an IAM User
For Vega Cloud to receive access to Oracle Data, we require an OCI user in the platform. This allows you to control access given to our organization for authorized resources.
- Log in to the Oracle console.
- Search for Domains, one of Oracle's Identity services, in the search bar at the top.
- Choose the specific Domain under the compartment that you intend to grant Vega access to.
- In the domain interface, locate and select the Users tab from the left-hand menu.
- Click on the option to Create User. Provide the necessary details; it is suggested to use Vegacloud somewhere in the name/email for easy identification. After entering the requisite information, click Create.
Step 2: Set up an API signing Key
The administrator within your organization must create a key pair specifically for signing Vega API requests. This leads to Oracle generating the public key from the pair, while the private key needs to be integrated into the Vega platform.
Once the user is created, proceed with the following steps:
- Select the user from the Users tab created in Step 1.
- On the bottom left, navigate to the API Keys tab under Resources and select Add API Key.
- Next, you have the option to generate the key pair. You can download the private key.
- If you already possess a key pair, you can opt to upload or paste your public key file instead. Generating an API key pair is recommended.
- After generating the key pair, select Download Private Key and Download Public Key.
- The private key will be essential moving forward.
- Finally, select the Add button.
- Upon completion, a configuration file snippet will be displayed containing the basic authentication information necessary for utilizing our user's credentials in the SDK, CLI, or other OCI developer tools.
- Copy this snippet to the text editor of your preference. Vega will require this information alongside developer tools to authenticate against Oracle.
Make sure to keep the Private Key .pem content handy, as it will be used in the following steps.
Step 3: Add user to a group
Access to infrastructure within OCI is governed at the group level in a domain, rather than individually for each user. As a result, to secure access to resources, a Vega user must be included in the group linked with the requisite IAM policies, thereby granting the necessary permissions.
You can create a user group or add the Vega user from Step 1 to an existing group.
If a group has not been established then follow these steps:
- Navigate to Identity and then Domain.
Identity > Domain
- On the left-hand menu select Groups.
Identity > Domains > <YOUR_SELECTED_DOMAIN_NAME_HERE>
- Click on Create Group.
- Fill out the required fields, including the name and description of the group.
- Add the Vega user from Step 1 to this group.
- After all the necessary details are provided, select Create.
Step 4: Create access policies
Create an IAM policy using the following policy statements and attach it to the user group from Step 3.
In the Oracle Console:
- Navigate to Identity and then Policies.
Identity > Policies
- If the policy has not been created, select Create Policy.
- Fill out Name, Description, and copy the following into the Policy Statement Manual Editor. Note that if your group belongs to a domain other than Default, 'YOUR_GROUP_NAME_HERE' should be replaced with 'DOMAIN_NAME'/'GROUP_NAME'.
Option 1 - If the desired OCI Compartment is the Root Compartment:
Info: This is the OCID of Oracle's special tenancy where CUR files live. You can read more about it here.
define tenancy reporting as ocid1.tenancy.oc1..aaaaaaaaned4fkpkisbwjlr56u7cj63lf3wffbilvqknstgtvzub7vhqkggq
endorse group <YOUR_GROUP_NAME_HERE> to read objects in tenancy reporting
Allow group <YOUR_GROUP_NAME_HERE> to read all-resources in tenancy
Option 2 - If the desired OCI Compartment is a child Compartment:
Info: COMPARTMENT_NAME is the name of the compartment you wish to grant access to.
Allow group <YOUR_GROUP_NAME_HERE> to read all-resources in compartment <COMPARTMENT_NAME>
- After pasting the policy statement(s), select Create Policy.
- Once the policy is created, it is then attached to the user group from Step 3.
Now you can head over to the Vega Platform.
Vega Platform
Create OCI Provider Account
Now we need to create the Provider Account in the Vega Platform to connect to your Oracle Cloud Infrastructure (OCI) data.
- Navigate to the Vega Platform.
- As an admin level user, select Settings on the left-hand menu.
- Locate and select the tab Provider Accounts.
- Next, press the + Account button.
- After, click the Oracle Cloud Infrastructure button.
- Now, fill out the required form fields. This information can be found in the configuration file snippet from Step 2 in the Oracle Console section.
Option 1 - If the desired OCI Compartment is the Root Compartment:
Info: Make sure the checkbox with the label "This is the Tenancy ID (Compartment root)." is checked.
- Tenancy OCID: The OCID of the tenancy / root compartment.
- Private Key: The content of the private key downloaded earlier
- Fingerprint: The fingerprint of the Private Key file
- Home Region Identifier: Home Region ID of the root Compartment
- User OCI: The user OCID created above
- Vega Account Alias (optional): An optional name to give your Provider Account
- Account Status: Indication if the account is enabled or not, where disabled accounts will not be discovered or actioned on.
Option 2 - If the desired OCI Compartment is a child Compartment:
Info: Make sure the checkbox with the label "This is the Tenancy ID (Compartment root)." is not checked.
- Compartment OCID: The OCID of the desired Compartment.
- Tenancy OCID: The OCID of the Tenancy that the Compartment resides in.
- Parent Compartment OCID: The OCID of the direct parent Compartment.
- Private Key: The content of the private key downloaded earlier
- Fingerprint: The fingerprint of the Private Key file
- Home Region Identifier: Home Region ID of the root Compartment
- User OCI: The user OCID created above
- Vega Account Alias (optional): An optional name to give your Provider Account
- Account Status: Indication if the account is enabled or not, where disabled accounts will not be discovered or actioned on.
- Finally, when all the content has been entered, select Create.
- Once the required form fields have been entered and their contents validated, the form will be submitted.
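A pre-flight check for the values that travel from the Step 2 configuration file snippet into the form above, as an added example (not Vega's or Oracle's code). It recomputes the API key fingerprint, which OCI derives as the MD5 of the DER-encoded public key, and compares it with the snippet. The function names, the sample values, and the mapping of snippet keys to form labels are assumptions.

```python
import base64
import configparser
import hashlib
import re

# Constructed inputs: placeholder OCIDs, and a stand-in PEM body that is not a real key.
SAMPLE_PUBLIC_PEM = "-----BEGIN PUBLIC KEY-----\nYWJj\n-----END PUBLIC KEY-----\n"
SAMPLE_SNIPPET = """[DEFAULT]
user=ocid1.user.oc1..exampleuniqueuserid
fingerprint=90:01:50:98:3c:d2:4f:b0:d6:96:3f:7d:28:e1:7f:72
tenancy=ocid1.tenancy.oc1..exampleuniquetenancyid
region=us-ashburn-1
key_file=<path to your private keyfile>
"""

# Assumed mapping from snippet keys to the Vega form labels, with the OCID type expected.
FORM_FIELDS = {"user": ("User OCI", "user"), "tenancy": ("Tenancy OCID", "tenancy")}
OCID = re.compile(r"^ocid1\.([a-z0-9]+)\.[a-z0-9]+\.[a-z0-9-]*\.[a-z0-9._-]+$")


def key_fingerprint(public_pem: str) -> str:
    """MD5 of the DER-encoded public key as colon-separated hex, as OCI displays it."""
    lines = [ln.strip() for ln in public_pem.splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    der = base64.b64decode(body, validate=True)
    digest = hashlib.md5(der, usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_snippet(snippet: str, public_pem: str) -> list:
    """Return the problems found; an empty list means the values are consistent."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(snippet)
    profile = cfg["DEFAULT"]
    problems = []
    for key, (label, kind) in FORM_FIELDS.items():
        match = OCID.match(profile.get(key, fallback=""))
        if match is None or match.group(1) != kind:
            problems.append(f"{label}: snippet '{key}' is not a {kind} OCID")
    if not profile.get("region", fallback=""):
        problems.append("Home Region Identifier: snippet 'region' is missing")
    if profile.get("fingerprint", fallback="").lower() != key_fingerprint(public_pem):
        problems.append("Fingerprint: does not match the supplied public key")
    return problems


if __name__ == "__main__":
    print(check_snippet(SAMPLE_SNIPPET, SAMPLE_PUBLIC_PEM) or "snippet and key agree")
```

A fingerprint mismatch means the private key being pasted does not belong to the API key registered on the user from Step 1.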